There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits

Phishing is a form of identity theft in which an attacker attempts to elicit confidential information from unsuspecting victims. While in the past there has been significant work on defending from phishing, much less is known about the tools and techniques used by attackers, i.e., Phishers. Of particular importance to understanding the Phishers' methods and motivations are phishing kits, packages that contain complete phishing web sites in an easy-to-deploy format. In this paper, the authors study in detail the kits distributed for free in underground circles and those obtained by crawling live phishing sites.